Introducing Strictly TweetBOT PRO

Introducing Strictly TweetBOT PRO

By Strictly-Software

Today I created a premium version of my popular WordPress plugin Strictly TweetBOT.

This is the plugin I use on ALL my sites to automatically send out Tweets to various Twitter accounts related on the content of the article.

For example on my horse racing site UK Horse Racing Tipster I set up multiple TweetBOT Accounts that are linked to various Twitter Accounts e.g @ukhorseracetips and @ukautobot and when an article is posted the system uses the words in each accounts content analysis box to decide whether to send the Tweet out or not.

You can choose to
-Always send the Tweet.
-Only send it if one or more words are in the article.
-Only send it if ALL of the words are in the article.
-Don't send the Tweet if any of the words are in the article.

You can also prevent Tweets being sent if they contain "noise" words. This can be a list of swear words or other words you would never want tweeted.

Linking your accounts with Twitter is easy and using the new OAuth Twitter 1.1 API.

To link an account you set it up, save it, then when the page reloads a link will appear saying "Click Here To Authenticate", when you do you will be taken to Twitter where you login and are given a PIN number.

You go back to the plugin admin page and enter the PIN number in the relevant box. Hit save at the bottom and if the details are correct your account will now be linked to Twitter.

If you have already linked a Twitter account then adding another is easy as it will remember your credentials and authenticate it automatically.

The Admin dashboard will contain information on your last posted tweets and there is a "Test Configuration" button that will test all your accounts, links with Twitter and any problems you may have. Excellent for checking your plugin is set-up correctly.

The best thing about this plugin is you can use the articles post tags as #HashTags and with its automatic configuration with Strictly AutoTags it will wait until the tagging is complete before Tweeting rather than Tweeting on publish which would mean some articles wouldn't have tags at that point.

This is possible because of the new finished_doing_tagging hook in Strictly AutoTags which is fired once Tagging is complete. Other plugin authors are free to use this hook as well to ensure actions are only carried out AFTER tagging and not on the "onsave" action/event.


The PRO version of the plugin is only £25 and contains some very useful features especially if you are sending out a lot of Tweets or have an underpowered server. 

It can be bought on my site: Strictly TweetBOT WordPress plugin
Or on Etsy.com in my shop: The Strictly-Software shop.

The PRO version extends the performance features including those which enable you to send an HTTP request to the new article to put it into a cache (depending on the settings of your caching system e.g WP Super Cache, W3 Total Cache) and ensure when the first visitor hits it they get a cached version of the page.

In the PRO version you can do the following:

-Add a delay of X seconds so that after the HTTP request is made no Tweets are sent for a while. This ensures the caching system has time to build and cache the new post.
-Add a query-string to the URL as some caching plugins require special keys or query-string parameters to force the page to be cached.
-Use a special user-agent when making the cache HTTP request. This enables you to track the requests in your Apache Access Log as well as white-listing the user-agent to prevent it from being blocked by .htaccess rules.
-Specify a delay between each Tweet that is sent out from your site. This ensures not too many Tweets hit your account at once and not too much Twitter traffic hits your website all at once. Staggering out your Tweets prevents Twitter Rushes and stops too many new Apache processes from being spawned.

Remember when one Tweet is sent out you will get at least 50 requests to the new post immediately from BOTS who have found the link on Twitter.

This is called a Twitter Rush and can cause major performance problems especially if you are sending out 6+ tweets (6 * 50 = 300 concurrent requests). You can read more about Twitter Rushes here.

Any messages back from Twitter such as posting duplicate Tweets or API errors will be saved and listed in your dashboard so that you can view the status of your last post and all the accounts it tried to tweet to. It will tell you whether the account matched the content analysis or was blocked and the result of any "sleep" or "caching" actions.

The PRO version also allows you to:

-Specify the maximum length a Tweet message can ever have e.g 137. This will ensure all Tweets are sent as sometimes when Tweets are exactly 140 characters long they still get rejected by Twitter.

-Turn off the link between Strictly AutoTags and Strictly TweetBot. If you are having issues with the combination OR just want Tweets to be fired ASAP on publishing whether or not tagging is complete you could turn this option on.

Reasons might be debugging or the use of categories or default hashtags instead of using post tags in your Tweets. If you don't need to use the tags against a post then there is no need to wait in the first place so this option can be disabled.


AutoBlogging - Automatic Posting On WordPress

Combining two of my plugins, Strictly TweetBOT and Strictly AutoTags, make a powerful force for any auto-bloggers out there.

If you are posting your articles by importing them from a feed then these plugins make your site a diamond in the dust.

Not only do you have do nothing but when your feed importer inserts a new article the Strictly AutoTags plugin will do it's job making your article a custom piece of work by:
-Basic content spinning by removing old HTML formatting as B I, FONT and SPAN tags
-Wrapping important tagged content in strong tags to highlight them and tell SERPS like GoogleBOT and YSLURP they are the important words in your article.
-Converting textual links like www.ukhorseracingtipster.com into real clickable links e.g www.ukhorseracingtipster.com.
-Converting a certain number of important tags into links to their relevant tag page.
-Adding rel="nofollow" to existing links in your article that don't already have them as well as those converted to links

Plus the SEO benefits are amazing (as my sites can testify) as the Premium version of the plugin allows you to find certain words and tag others. For example you could find words like al-Qaeda, ISIS, Taliban but add the tag Terrorism. You can add as many of these "Tag Equivalents" as you want.

Also for your "Site Keywords", the words you want associated with your site, for example for my racing site it would be Horse Racing, Racing, Tips, Betting etc, then you can set them to be ranked higher than any other words when it comes to relevancy.

And of course you can specify that words in the Title, H1-6 tags, Anchors, Strong Tags and other content be ranked higher than words outside special format tags.

So the AutoTag plugin does it's magic (read more here) and then once it has completed and you haven't turned the link off between the two plugin the TweetBOT goes to work sending Tweets out to all relevant Twitter accounts.

The Strictly TweetBOT PRO Version is even better than normal because it allows you to stagger your tweeting so they all don't get blasted at once causing a Twitter Rush and because you can format each account differently you could have two accounts both going to the same Twitter Account but with totally different messages.

Plus you can use different tweet shortening functions for each e.g Tweet Shrink or Text Shrink.

For example if the article was about a horse race at Royal Ascot titled "Kingman destroys the pack at Royal Ascot" and the first account was using categories (Ascot, Racing News Horse Racing) as hash tags with the format:

Another Ascot news story %title% which you can read about here %url% %hashtags%

You would get:

Another #Ascot news story Kingman destroys the pack at Royal Ascot which u can rd about here bit.ly/34f53 #RacingNews #HorseRacing

And another account that uses post tags (Kingman, Night of Thunder, Royal Ascot, Ascot and many more) as #hashtags with the format:

Racing news from UK Horse Racing Tipster %url% %title% %hashtags%

Would give you this tweet.

Racing news from UK Horse Racing Tipster bit.ly/34f53 #Kingman destroys the pack at Royal #Ascot #RoyalAscot #NightofThunder #JohnGosden

Putting a time delay of 20 seconds in between each tweet would mean that the first tweet would get sent to your account causing 50+ BOTS and visitors to come and hit your new page (a Twitter Rush) and then 20 seconds later another tweet would be sent causing another lot of visitors. Staggering the tweets prevents Twitter Rushes.

Another new feature is the ability to send an HTTP GET request to your new post hopefully causing it to be cached by WP Super Cache / W3 Total Cache or any other caching plugin.

You have the ability to add another time delay after this request to give the caching plugin time to build the file as well as passing special parameters in the querystring (such as special keys or values required by caching plugins to force a cache).

You can also use a special user-agent to make this request so that you can prevent the request being blocked (for example if you ban blank user-agents like I do) or to identify the request in your log files.

If you don't want to use post tags as #HashTags you can use the articles categories or even specify default hash tags. The system will take the list of possible tags and then order them by size and try to fit as many into the Tweet as possible.

It will now even try and scan the title of the tweet looking for tags contained within the tweet itself and add a # in front of the word as this saves room and allows more hash tags to be used in your %hashtag% parameter.

Buy Strictly TweetBOT PRO

So if you want to aid your WordPress sites performance consider buying the Strictly TweetBOT plugin from my site or Etsy.com or if you download the free version please consider donating some money.

If you want to enhance your auto-blogging capabilities then combining the premium versions of both Strictly TweetBOT PRO and Strictly AutoTags Premium Version will do your site wonders as well as saving you time!

If everyone donated just a single pound for every plugin they had download from WordPress then I would have made hundreds of thousands of pounds by now and could spend my time developing plugins full time AND FOR FREE!

You can also buy a voucher from Etsy.com for £15 that will let you hire me to set the plugin up for you if you are having difficulties or are not a WordPress or Twitter expert. All I would need is access to your admin area to do the work.

Also if you haven't checked lately Strictly AutoTags has a premium version which you can buy for £40 and has LOTS more features than the free WordPress version. It also can be bought with a set-up voucher that you can purchase from Etsy.com.

Also if you could please visit my facebook.com/strictlysoftware fan page and "like" it if you could. Leave comments and pass it onto your friends and fellow WordPress developers.

Strictly AutoTags Fit For WordPress version 3.9.1

Strictly AutoTags Fit For WordPress version 3.9.1

By Strictly-Software

A couple of posts ago I told my users of my plugin that they should be careful if upgrading to WordPress version 3.9.1 as they have totally re-written their core database file wpdb.php to handle a newer format for MySQL queries MySQLi.

They have also added in some good functionality such as their own version for my own fix for their "MySQL Server has gone away" error which just loops for 5 times while trying to re-connect to the database if the connection has been lost. Almost an exact copy of my own idea!

Anyway I was a bit wary about the change but after going over the code in the file I can see they have branched everything out so that if your plugin is still using the older MySQL code-base it will still work.

Basically anything to do with MySQL has an IF statement to check whether the user is using mysqli or not. If not they still run with the older version of the code.

Therefore after a slight issue yesterday which you can read about here: WordPress Forum where a user who was using BOTH Strictly AutoTags AND Strictly TweetBOT ran into an error with JUST the TweetBOT plugin.

There was no mention of Strictly AutoTags which I guess he would have mentioned as he said in the first line he was using BOTH the plugins and the two were working in conjunction with each other. Therefore after some scanning of the code I am 99% sure there isn't a problem with the code and it would be safe to do an update to WordPress 3.9.1.

The issue yesterday was that WordPress had extended their Prepare function so that it ran a test to see if any % signs existed in the SQL statement it raised an error if they didn't. Why they did this I don't know but I removed the prepare function from the offending SQL statement and now Strictly TweetBot works fine with WordPress 3.9.1.

Also I notice in the main section of the plugin page people have put in the compatibility box that it DOES work with version 3.9.1 of the WordPress codebase so if it doesn't someone (or lots of people) are lying!

By the way you can now also buy the premium version of my plugin on etsy.com if you so wish as I setup a shop yesterday. I have already added more products including digital vouchers that will enable you to let me configure your own sites for the best use of my plugins as well as for SEO, security and much more.

Anyway I thought I better let you know in case you were holding off upgrading your WordPress core code base.

In any case (as I do with any big backup - and as WordPress advice) I would backup the files and the database just in case (especially the /wp-includes/wpdb.php file) and if anything goes wrong let me know either here on the blog or on the WordPress support forum.

Thanks

Rob

Problems with WordPress version 3.9 and 3.9.1 - Prepare Statement

Problems with WordPress version 3.9 and 3.9.1 - Prepare Statement

By Strictly-Software

If you have upgraded to WordPress 3.9.1 and suddenly found yourself with a bunch of errors coming from you in every direction it will probably be due to their decision to re-write their wpdb.php class.

Whilst I applaud their decision to implement their own version of my own code that was fixing the "MySQL Server Has Gone Away" Error that seemed to appear everywhere due to lost connections.

It does this by repeatedly calling a "reconnect" in a loop if the error is spawned.

I have to say as a WordPress developer with not much time on his hands that to be told a day before by email (from WordPress) that they were releasing version 3.9 the very next day was not very helpful indeed.

I did warn all my plugin users NOT to upgrade to it (see >  http://blog.strictly-software.com/2014/04/please-dont-upgade-to-wordpress-39.html) as I have no idea what will break with my own plugins if they do.

I still am on 3.8.2 and I won't upgrade until I know I won't be causing a whole shit storm of bugs for myself.

One of these bugs is the prepare statement.

Whilst a newbie PHP / WordPress developer I got into the habit of using $wpdb->prepare all the time when creating inline SQL statements - "where are the decent, transaction, multi recordset returning stored procedures that MS SQL did 10 years ago I still cry in the air at MySQL in vain!"

Therefore a statement like this where I am replacing certain parameters with values is what prepare is aimed for and will work fine in WP 3.9.1

$sql = $wpdb->prepare("UPDATE {$wpdb->posts} SET post_content = %s WHERE id = %d;", $newcontent,$object->ID);

However because of the new re-write of their wpdb.php class in /wp-includes to handle both old and new versions of the MySQL library functions they have also added some unnecessary (or maybe they think they are - forgetting the millions of people who use their code and the plugins built on it) methods and new functionality to existing methods.

One of those is in the prepare method

At the top of the function are these lines of code.

function prepare( $query, $args ) {

if ( is_null( $query ) )
   return;

// This is not meant to be foolproof -- but it will catch obviously incorrect usage.
if ( strpos( $query, '%' ) === false ) {

              _doing_it_wrong( 'wpdb::prepare', sprintf( __( 'The query argument of %s must have a placeholder.' ), 'wpdb::prepare()' ), '3.9' );

}

Notice what it is doing?

It is making sure that the query passed into the prepare method has at least one % symbol in it.

Therefore if you are a plugin write who has just got into the habit of wrapping all their WordPress SQL strings in $wpdb->prepare functions - whether OR NOT they actually have parameters to be replaced you are now in a big hole of doom.

Instead of the error message I guess they hope users see ("The query argument of %s must have a placeholder") is shown to people instead I am getting complaints (see > WordPress bug in my plugin - really WP 3.9.1 ) that don't contain that error message at all.

Instead it will just be a warning that

Warning: Missing argument 2 for wpdb::prepare(), called in XXXX

Therefore quick fixes

1. Use my own wpdb.php class in 3.9.1 and forget about the newer MySQL functions but still have the fix for MySQL Server Has Gone Away and NO ERRORS when Prepare is used without parameters.

2. Remove those lines of code from the top of the wpdb.php class. e.g

function prepare( $query, $args ) {

if ( is_null( $query ) )
   return;

// REMOVE THESE LINES BELOW!
// This is not meant to be foolproof -- but it will catch obviously incorrect usage.
if ( strpos( $query, '%' ) === false ) {

              _doing_it_wrong( 'wpdb::prepare', sprintf( __( 'The query argument of %s must have a placeholder.' ), 'wpdb::prepare()' ), '3.9' );

}

3. Return to using WordPress 3.8.1. There might be some legitimate security holes that the WordPress team have fixed so be careful and check what they actually did in the 3.9 and 3.9.1 updates. Also make sure you are blocking spammers, hackers and the like with tools like fail2ban, .htaccess rules, firewalls, DenyHosts, WordPress firewall plugins and constant analysis of your log files.

Read my article on WordPress security for more information: blog.strictly-software.com/2012/03/wordpress-survival-guide-part-3.html

4. Or get every plugin developer who has used this method without placeholders to rewrite his code, even though he has a hectic day job and may not care or have the time.

If you do - donate!

If you do try and get him to change his code due to WordPress changing theirs as it's not the plugin developers fault in my eyes.

How to send a developer USEFUL information - Debugging Strictly AutoTags

How to send a developer USEFUL information - Debugging Strictly AutoTags

By Strictly-Software

I understand that a lot of people who use CMS systems like Joomla or WordPress don't know how to code otherwise they would be using proper code they had written themselves.

However most people don't know how to code and therefore they install plugins and themes that they download for free and then expect them to do everything they want and more. On top of that they expect instant free support.They don't seem to realise that:
a) A developers time is not spent just working for free on open source projects
b) A donation for time spent fixing a problem that is only apparent to the user in question would be nice at the very least.
c) A developer cannot fix a problem  on a server across the world without:
   -Access to their system or website e.g logins, FTP, SSH, Database etc.
   -Information about the problem and how the developer can go about replicating it to fix it.

If the developer cannot replicate the problem then how on earth are they supposed to be able to fix it for you?

Therefore the first thing you should do if you have a problem with 3rd party code is check to see if other people have had the same PROBLEM and whether the same SOLUTION works for you.

It may be you are asking a common rookie mistake that many previous people have done before and all you need to do is find out from those people what they did to fix it.

However if a search of Google, BING, Techie Forums like stackoverflow.com and others does not reveal an answer then you should go through a step by step guide to narrow down the problem before contacting the developer in question. Believe it or not they do have lives and don't live to fix other peoples bugs.

Below I have reproduced one the debug notes I give out to my WordPress plugin users for one of my own plugins Strictly AutoTags, It should be used as a guide when you are asking for help but please note some questions are plugin specific.

However in general the steps are useful for ALL plugins or problems and therefore they should be read by all WordPress users. 

This step by step routine should ALWAYS be followed by the user before even thinking of emailing me. Also if I do find a problem and fix it for you then some kind of appreciation would be nice e.g a donation would not go a miss.

Steps to narrowing down your problem with a WordPress plugin

1. If you add a post but no tags are added then it does not mean the plugin is not working just that no tags could be found to associate with the post.

2. Test the plugin is working by creating a new post with the following content and saving it as a draft (this is relevant to Strictly AutoTags and may not be needed with your own problem) :

Article Title:

The CIA now admits responsibility for torture at Guantanamo Bay

Content Body:

Today the CIA admitted it was responsible for the recent accusations of torture at Guantanamo Bay.

Billy Bob Johnson, the chief station manager at the Guantanamo Bay prison said that the USA had to hold its hands up and admit that it had allowed its CIA operatives to feed the prisoners nothing but McDonalds and Kentucky Fried Chicken meals whilst forcing them to listen to Christian Rock Music for up to 20 hour periods at a time without any break.

The CIA apologised for the allegations and promised to review its policy of using fast food and Christian Rock Music as a method of torture.

3. Save the draft post and check the number of tags that get added. The plugin should have found a number of words to use even if you have no existing saved tags in your site. It is always best to save the article as a draft, check which tags have been used, remove or add any yourself before publishing an article.

4. Some people have complained that they have added words to the stop/noise word list which still get tagged and think the plugin is broken. This is not the case and the problem is usually that the user hasn't removed any new noise words from the system first BEFORE re-scanning. The noise words are only used in the auto discovery stage of the auto tagging and if tags have already been saved in the system then the site will use them in it's relevancy check whether or not they have been marked as noise words. Version 2.0 has a new option to aid the easy removal of noise words from the saved post tag list and this option should be run whenever new noise words are added.

5. If you have articles with lots of capital words in the title e.g THIS IS A TEST ARTICLE or body then set the Ignore Capital Percentage to a level appropriate for your site. Otherwise words will be treated as acronyms when they shouldn't.

6. If you don't want the plugin to hunt out possible new tags for your site then turn Auto Discovery OFF. Then only existing saved post tags will be used to find relevant tags in new articles.

7. Auto Discovery will find new possible words to use as tags using the settings you give it so set them carefully. However if these new words are not found to be relevant to your article they won't get saved against the post OR in the system. Use the Rank Title and Rank HTML options to ensure words in the post title or already in special formatting HTML such as headers or strong tags are considered more relevant than other words.

8. If you have any problems make sure it not related to Wordpress, your server/hosting or other plugins before requesting support.

9. Please check existing support tickets before writing a new support ticket as the problem may have already been answered.

10. Always disable all other plugins and leave just Strictly AutoTags on before considering it the likely cause of a problem.

11. If you are going to write a new support question that hasn't already been answered can you please provided the following information all which can be got from your host, WP, plugins, DB or a combination of  all.

12. Download the wp-config.php file from your server, edit it and turn the constant WP_DEBUG to TRUE and re-upload e.g

define('WP_DEBUG', false);

define('WP_DEBUG', true);

It will mean your visitors see a lot text all over the screen but it will also help you find any critical errors.

Notices and Warnings do not matter as much. But if you see anything Critical or Erroring - take note to supply the developer with.

If nothing is notable return it to FALSE ASAP!

For example load a version of phpinfo.php onto your server but call it something else so hackers cannot guess it e.g my-3467phpINF.php this way you can see what your server has installed but they can't!

It is very important you tell the developer all of the following information so they know what they are working with.

1. Version of PHP (or other language) you are running (make sure it's compatible with the code)
2. Version of MySQL (or other database system) you are running (make sure it's compatible with the code)
3. Any error message you get when you run the routine that breaks.
4. The time it takes to run before breaking.
5. If you can hit F12 and view the console any Nework/JavaScript errors you may have - also if you have lots of 404's due to missing files fix those as that will cause overhead. If you don't have them just create blank file with the same name.
6. If you can code, turn on the debug constant in the plugin, change your IP in the MyIP function to your own IP address (just type "What is my IP" into Google to get a value, re-upload the file (after backing up) and send me the output of the debug.
7. If you have lots of browser add-ons try it in a fresh install of a new browser, e.g download Opera/Safari for windows and test it on that.
8. If possible install HTTP Fox on FireFox, open it, and then press play just before doing the action that causes the problem. This will give you all the HTTP requests and responses from the server. Look for any 500 status codes or errors. Send me anything unusual - and only related to my site/plugin as it will also record all the plugin guff from your FireFox extensions as well.
9. The more information the better, so screeen shots, video casts (free online, click play, do action, stop, send link etc).and step by step guides of what YOU did to reproduce the problem will help.
10. How many articles are on your site?
11. Is it a big or small site?
12. Do you get hacked a lot?
13. What were the last errors in your hosts error_log (available through VMIN and SSH e.g PUTTY using a less command on the error log)

So although there is more you can do this should be the first things you do when you notice an issue with your code.

Please remember developers are NOT mind readers. So sending in emails or messages like

"When I do X nothing happens"

of

"When I hit the send button it breaks"

Are more than useless.

Please help a developer have a break! And thank them with more than words if they do spend all day and night helping you!

Thanks

Buy Strictly AutoTags NOW!

Remember there ids a PRO version of Strictly AutoTags which you csn buy from etsy.com or my own site.

For only £40 you get all the normal features plus:

• The ability to match on tag but tag another.
• Set up your "TOP TAGS" whih wil be ranked above all overs.
• Turn text links like www.strictly-software.com into real clikable links like www.strictly-software.com.
• Remove old HTML like B and I and replace them with modern tsgs like E and I.
• Set limits on the 

Please Don't Upgade to Wordpress 3.9!

Please Don't Upgade to Wordpress 3.9!

I have just been sent this email by WordPress telling me of the changes they are making.

As some of these changes have not been made in my plugins and you DO upgrade to WordPress 3.9 and any of my plugins break e.g

Strictly AutoTags
Strictly TweetBot
Strictly Google Sitemap (no longer supported)
Strictly Content Cleaner
Strictly System Check

Then you WILL HAVE problems due to code they are now using not being in the plugins.

I wanted a quite Easter Weekend not one spend coding!

So if you do get problems by upgrading it's your own fault for not following my blog!

New Version of Strictly AutoTags - Version 2.8.6

Strictly Auto Tags 2.8.6 Has Been Released!

Due to the severe lack of donations plus too many broken promises of "I'll pay if you just fix or add this" I am stopping to support the Strictly Auto Tags plugin.

The last free version, 2.8.5 is up on the WordPress repository: wordpress.org/plugins/strictly-autotags

It fixes a number of bugs and adds some new features such as:

1. Updated storage array to store content between important content, bold, strong, headers and links etc. So they don't get tagged inside e.g put bolded words inside an existing h4 etc. 
2. Changed storage array to run "RETURN" twice to handle nested code because of previous change.
3. Fixed bug that wasn't showing the correct value for the minimum number of tags that a post must have before deeplinking to their tag page in admin. 
4. Fixed bug in admin to allow noise words to have dots in them e.g for links like youtube.com 
5. Added more default noise words to the list.
6. Cleaned code that wasn't needed any-more due to changes with the way I handle href/src/title/alt attributes to prevent nested tagging.
7. Removed unnecessary regular expressions which are not needed now. 

Version 2.8.5 of Strictly AutoTags www.strictly-software.com/plugins/strictly-auto-tags

Is going to be a "donate £40+" and get a copy version.

I am going to be sexing this plugin up into more of an SEO, text spinning, content cleaning, auto-blogging tool full of sex and violence in the future and I am running it on my own sites at the moment to see how well it does.

New features in 2.8.6 include.

Set a minimum length of characters for a tag to be used.

Set equivalent words to be used as tags. I have devised a "mark up" code for doing this which will allow you to add as many tag equivalents as you want. For example this is a cut down current version from one of my sites to show you an example using Edward Snowden (very topical at the moment!).

[NSA,Snowden,Prism,GCHQ]=[Police State]|[Snowden,Prism]=[Edward Snowden]|[Prism,XKeyscore,NSA Spying,NSA Internet surveillance]=[Internet Surveillance]|[TRAPWIRE,GCHQ,NSA Spying,Internet surveillance,XKeyscore,PRISM]=[Privacy]|[Snowden,Julian Assange,Bradley Manning,Sibel Edmonds,Thomas Drake]=[Whistleblower]

As you can see from that example you can use the same words multiple times and give them equivalent tags to use. So if the word Snowden appears a lot I will also tag the word "Police State", "Edward Snowden", "Whistleblower" as well as Snowden.

This feature is designed so that you can use related words as tags that maybe more relevant to peoples searches. 

I also have added a feature to convert textual links that may appear from importing or scraping into real links for example www.strictly-software.com will become a real link to that domain e.g http://www.strictly-software.com.

I have added the new attributes data and their derivatives e.g data-description or data-image-description , basically anything that has data- at the front of it, into my list of attributes to store and then replace after auto-tagging to prevent nested tags being added inside them.

I will be extending this plugin lots in the future but only people prepared to pay for it will be able to get the goodies. I am so fed up of open-source coding there is little point in me carrying on working my ass off for free for other peoples benefit any more.

If you want a copy email me and then I will respond.

You can then donate me the money and I will send you a unique copy.

Any re-distribution of the code will mean hacks, DDOS, viruses from hell and Trojans coming out your ass for years!

Strictly TweetBOT Version 1.1.2 Released

Version 1.1.2 of the Wordpress Plugin - Strictly TweetBot released

New features and bug fixes include:

• Fixed bug with some words in the TweetShrink function.
• Added new short versions of words for the TweetShrink function.
• I have improved the performance of the loop that controls the tweets by only getting the permalink for the new post once and not on every loop iteration as before.
• I have added an option to make an HTTP request to the new post before tweeting so that if caching plugins are installed and their caching options are enabled correctly the page will get cached before any Twitter rush from BOTS visiting the post. I have proved that at least 50+ (growing all the time) requests to any link in a new Twitter post can concurrently occur when a Tweet is posted.
• I have added an option to use a different user-agent when making this HTTP request so that you can easily identify the request in your access log files for debugging etc.
• I have also added a new configuration test to the "Config Test" button which tests the HTTP Cache test by posting the last article posted and returning a status code for it.

Caching new posts before any Twitter Rush

The main feature of this release is the ability to fire off an HTTP request to the post being Tweeted about before any Tweets are sent.

The idea is that if you are using any number of caching systems (properly configured obviously - and every caching system is different) the first page request will be from the TweetBot and hopefully cause that page to be cached by the system you are using e.g WP Super Cache, W3 Total Cache, Apache Caching modules etc.

The aim is that by caching the post before any Tweets are sent that any Twitter Rush that occurs when your link hits Twitter does not overload it by having 50+ BOTS all concurrently hitting the page and competing to be the first visit to cause the page to be cached for future visitors.

Obviously if you are logged in as admin when writing your post then this might not cause a cache in some systems. For example WP Super Cache has an option to prevent logged in users from seeing cached pages. Therefore if you are logged in when you write a post this automated HTTP request might not cache the page if you have set the option on NOT to serve cached pages for logged in users.

However if you are auto-blogging and importing posts from feeds using WP Robot, WP-O-Matic or any other system then you will not be logged in and this HTTP request should create a cached page for BOTS to hit.

As I said, it all depends on the caching system you are using and how you configure it.

Remember every caching system is different and it all depends on the options you configure in the admin area of your own particular caching system. So make sure it is configure correctly to allow for the first visit to any post to be cached.

So version 1.1.2 of Strictly-Tweetbot is now live and you can download it from my main site or from the Wordpress plugin repository whenever you want.

Fixing Postie the Wordpress Plugin for XSS Attacks that don't exist

Fixing the "Possible XSS attack - ignoring email" error message in Postie

As you may know if you read my earlier post on fixing the Wordpress plugin Postie when it wouldn't let me pass multiple categories in their various formats in the subject line a new version of Postie has come out since.

However I have been regularly noticing that emails that should be appearing on my Wordpress site when they are posted by email using Postie haven't been.

Today I looked into why and when I ran the manual process to load emails by pressing the "Run Postie" button I was met with an error message that said

possible XSS attack - ignoring email

I looked into the code and searched for the error message which is on line 38 of the file postie_getmail.php and it gets displayed when a Regular Expression runs that is supposed to detect XSS attacks.

The code is below

if (preg_match("/.*(script|onload|meta|base64).*/is", $email)) {
 echo "possible XSS attack - ignoring email\n";
 continue;
}

I tested this was the problem by running the script manually in the config area of Postie and outputting the full email before the regular expression test.

As the email is base64 encoded (well mine is anyway) the full headers are shown at the top of the encoded email e.g

Return-Path:
X-Original-To: xx12autopost230.sitename@domain-name.com
Delivered-To: xx12autopost230.sitename@domain-name.com
Received: from smtp-relay-2.myrelay (smtp-relay-2.myrelay [111.11.3.197])
by domain-name.com (Postfix) with ESMTP id 8497724009C
for ; Mon, 22 Oct 2012 05:49:32 +0000 (UTC)
Received: from xxxxxxx (unknown [11.1.1.1])
by smtp-relay-2.myrelay (Postfix) with ESMTP id 9E3B495733
for ; Mon, 22 Oct 2012 06:45:30 +0100 (BST)
MIME-Version: 1.0
From: admin@sitename.com
To: xx12autopost230.sitename@domain-name.com
Date: 22 Oct 2012 06:46:28 +0100
Subject: Subject: [My Subject Category1] [My Subject Category2] Title of Email
 October 2012
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: base64
Message-Id: <20121022054530 .9e3b495733=".9e3b495733" smtp-relay-2.myrelay="smtp-relay-2.myrelay">

PHA+PHN0cm9uZz5ZZXN0ZXJkYXlzIG1lbWJlcnMgaGFkIGFjY2VzcyB0byA0NSB0aXBzIGFj
cm9zcyA4IGRpZmZlcmVudCBzeXN0ZW1zLjwvc3Ryb25nPjwvcD48cD5JZiB5b3UgaGFkIHBs
YWNlZCBhIEJldGZhaXIgbWluaW11bSBiZXQgb2YgJnBvdW5kOzIuMDAgb24gZWFjaCBiZXQg
PHN0cm9uZz5vbiBFVkVSWSBzeXN0ZW08L3N0cm9uZz4gKExheXMsIFBsYWNlIERvdWJsZXMs
IFdpbnMgZXRjKSB0aGF0IGhhZCBhbiBTUCBsZXNzIHRoYW4gMTkvMSBhdCB0aGUgdGltZSBJ

I've just shown a bit of the message which is base64 encoded.

As you can see if you do a search for one of the strings he is searching for as a word not in a scriptual context e.g base64 not base64("PHA+PHN0cm9"); 

The word base64 appears in the headers of the email e.g:

Content-Transfer-Encoding: base64

Therefore the regular expression test fails and Postie displays the "possible XSS attack - ignoring email" error message.

Therefore just doing a basic string search for these words:

script, onload, meta and base64

Will mean that you could find yourself having emails deleted and content not appearing on your Wordpress site when you expect it to. All due to this regular expression which will be popping up false positives for XSS attacks when none really exist.

Also these words could legitimately appear in your HTML content for any number of reasons and not just because they are used in the email headers so a better regular expression is required to check for XSS attacks.

How to fix this problem

You could either remove the word base64 from the regular expression or you could delete the whole test for the XSS attack.

However I went for keeping a test for XSS attacks but making sure they were checking more thoroughly for proper usage of the functions rather than simple tests for occurrences of the word.

The regular expression is more complicated but it covers more XSS attack vectors and I have tested it myself on my own site and it works fine.

You can replace the code that is causing the problem with the code below.

if(preg_match("@((%3C|<)/?script|<meta|document\.|\.cookie|\.createElement|onload\s*=|(eval|base64)\()@is",$email)){
      echo "possible XSS attack - ignoring email\n";
      continue;
}

Not only does this mean that it won't fall over when the words are mentioned in headers but it actually looks for the correct usage of the hack and not just the word appearing. E.G instead of looking for "script" it will look for

<script %3Cscript </script %3Cscript 

This includes not only the basic <script but also urlencoded brackets which are another common XSS attack vector. You could include other forms of encoding such as UTF-8 but it all depends on how complicated you want to make the test.

As you may know if you have read my blog for a long time hackers are always changing their methods and I have come across clever two stage SQL injection attacks which involve embedding an encoded hack string first and then a second attack that's role is to unencode the first injection and role out the hack.

The same can be done in XSS attacks, e.g encoding your hack so it's not visible and then decoding it before using an eval statement to execute it. However I am keeping things simple for now.

I have also added some more well known XSS attack vectors such as:

eval( , document. , .createElement and .cookie 

As you can see I have all prefixed or suffixed them with a bracket or dot which is how they would be used in JavaScript or PHP.

Notice however that I haven't prefixed createElement and cookie with the word document. This is because it is all too easy to do something like this:

var q=document,c=q.cookie;alert(c)

Which stores the document object in a variable called "q" and then uses that to access the cookie information. If you have a console just run that piece of JavaScript and you will see all your cookie information.

This regular expression still also tests for:

<script, base64(, <meta, onload= and onload =

but as you can see I have prefixed the words with angled brackets or suffixed them with rounded brackets, dots or equal signs (with or without a space).

This has solved the problem for me and kept in the XSS attack defence however if you are passing HTML emails containing JavaScript to your site just beware that if you use any of these functions they might be flagged up. 

I have tested each XSS attack vector but let me know of any problems with the regular expression.

Also I have removed the .* before and after the original test as it's not required. Also it just uses up memory as its looking for any character that may or may not be there and the longer the string it's searching the more memory it eats up.

I have updated my own version of this file and everything has gone onto the site fine since I have done so.

If anyone else is having problems with disappearing posts driven by Postie then this "might be the cause."

You can see my Wordpress response here: Wordpress - Postie Deletes Email but doesn't post

Please do not ask me to earn your wages for you

Another rant about Open Source development

I would like all my readers and especially the tens of thousands of people who have downloaded my Wordpress Plugins to please remember the following >> I am currently giving my plugins away for free and relying on Google adsense clicks and donations to help fund my development time.

So far I have had a few £60 payments from Google and a minimal amount of donations. I have welcomed every donation so far so please don't think they are not appreciated but when you usually work for £700 a day having a donation for £1 or £2 once a fortnight which relates to about 3,000 downloads is a bit disheartening.

I know I have blogged about how much I hate open source coding before but I am honestly of the opinion that a number of UK and US companies are outsourcing high quality IT developer jobs to India (because it seems you can find a developer willing to write whole websites for less than a £50 somewhere on that sub-continent) only for those same developers to fill up my inbox or comment sections with requests for me to do their work for them for free.

In fact probability suggests that I have more than likely ended up doing some Indians work for them for free who stole the original contract from myself due to undercutting my reasonable and realistic quote for a £10!

It would be quite funny if not so sad and unfortunate but it seems that too many IT managers and company directors have no idea about the value of a qualified and experienced IT developer nowadays and it's only through their incessant cost cutting that they will learn the hard way.

It is also for this reason that I am going to refuse to do any custom development for any of my plugins unless partial payment is received up front.

On numerous occasions, and sadly this even includes multi-national companies, I have had people contact me and promise reasonable sized donations for specific features to be developed only for them to swerve me once the work has been done.

Due to the GPL nature of Wordpress there is little scope for money making unless you do most of your work with remote procedure calls or mask your code some way which unlike C# and .NET is pretty hard with PHP as you cannot easily convert your code to a compiled DLL or equivalent compiled file type.

Therefore if you have any requirements or ideas for improvements to my plugins you may email me with your request but please don't expect a reply unless you are willing to pay for the work up front. I am a reasonable man and will accept half up front and half on completion but I have lost faith in mankind to keep their word and there are way too many shysters for my liking.

Either steal my code without me knowing about it or pay me for it.

DO NOT ask to steal my code it makes no fucking sense at all! (this has actually happened)

If you cannot code and are incapable of amending or making your own plugins like I had to do or you are too stupid to steal code without being caught then be a real man and ask the developer what price they will accept.

Do not promise them a tenner for a grands worth of work and do not get annoyed when you ask if your specific feature is something I am thinking of introducing in a future release and I reply "not unless someone pays me to do it".

I have long passed the time in my life where I code other peoples work for fun just so that they can earn money off my hard labour.

My rant is officially over. Thank you for listening.

Why is Strictly AutoTags a good tagging plugin

Strictly AutoTags - Is it a good plugin?

As the author of the top rated Strictly AutoTags Wordpress plugin that at the time of writing has been downloaded over 35,000 times and still has 5 stars I am bound to be biased towards it.

You can read all about my plugin on my main website or view many of the reviews people have written about it on-line however I thought I would quickly list a couple of the main points which are often overlooked.

The main point is that Strictly AutoTags does not use remotely hosted API's to determine which tags to use.

Many of the other automatic tagging plugins use API's to retrieve a list of tags for their article posts. This involves sending the article to a remote site through an HTTP request and retrieving a list of tags in an HTTP response. The downsides of this approach are:

• You are relying on a remote website and a working API for the tagging to work. If their server is down or their code is broken you will get no tags back.
• You are relying on a 3rd party to keep a list of tags up to date. When new tags come out you must wait until they are added before they can be used. For example if a news story breaks that mentions for the first time the name of a major character within the story - say a baby goes missing or a banker commits suicide then their names are unlikely to be in any 3rd party list of tags until someone a) decides the name is worth going on the list and b) the list is updated to have the name on it.
• You are using up bandwidth passing content back and forth from your websites server to the API server. Depending on the size of the article and the number of articles you are tagging this may or may not cost you a lot of money depending on your hosting package.

Why is the Strictly AutoTags plugin different?

Well for one it has the best of both worlds in that it uses your existing tag list to work out what words to use for post tags and therefore you can tailor your own tag list to words relevant to your sites content only and start off with as big or as small a list as possible.

Instead of using up bandwidth and relying on the 3rd party API to always be active and fast you can create your own tag list and do the same thing internally. It may not have the same size or depth of tags but you are not using bandwidth or spending time making HTTP requests to check for tags you might already have.

Another great feature is that it has an auto discovery feature which when enabled will automatically scan the content of your article for words or sentences that can be used as new tags. This is great for sites with no initial tag list as it will help build a list from scratch and it is also great for identifying the names of people who have suddenly become famous over night and are appearing in news stories before 3rd party API's have been updated.

Using my own proprietary code I scan content for possible new tags that match important English words such as names of people, companies, government office branches, football clubs and anything else that could be deemed important. This is all done without requiring the upkeep of a list of possible tags which 3rd party API's mainly rely on.

If a news story breaks about a fireman called Mike Johnson saving a baby named Amanda Jean Jones then these names would be identified as possible tags and if saved they are then available in future searches. API's relying on lists would need to add these names into their database so that users of their API could make use of them before they get tagged.

Another reason my plugin is pretty cool is that unlike some plugins that just match existing tags inside the content and then re-use them for that article my plugin checks to see how often the tags are used so only the most relevant and frequently referenced tags are added.

It also ranks each tag match depending on where it appears so that the tag "CIA" appearing in the article title or a H1 tag is ranked a lot higher than if the word just appeared in a paragraph inside the main content.

My plugin all ranks matches within all important kinds of HTML such as H1 to H6, Strong, EM, Bold, Italic and Anchor tags. A word within an H2 is ranked higher than one within an H6 or a Strong tag. These rankings are then used to order the tags so only the tags ranked with the highest score are used.

The admin user can configure the maximum number of tags that can be added per article as well as a number of other cool featured including the great for SEO option of wrapping tagged words in <STRONG>tags</STRONG> so they are considered more important than other pieces of text.

As well as being able to set up the plugin to ignore certain words or phrases as either case sensitive or case insensitive the plugin has a number of other options and I am constantly coming up with new ideas for it.

In fact I am working on a new SEO related plugin that is so black hat that I am having trouble coming up with a descriptive word for it that conveys it's total awesomeness.

If anyone has any ideas of what they would like to see in any Search Engine Optimisation plugins then please leave a comment or send me an email as the more ideas the better.

Anyway if you are currently debating on what kind of autoblogging tools to use for your Wordpress site then I suggest checking out my plugins Strictly AutoTags and Strictly Tweetbot two plugins that can save you huge amounts of time and give your blog or site an active online social media presence without lifting a finger.

Also if you are one of the 35,000 plus users of my Strictly AutoTags plugin and you have found it useful in generating you a nice a tag list or helped in driving traffic to your site then please consider donating a small amount of money to my site.

Remember that at the moment all my Wordpress Plugins are free and they take a lot of time to keep maintained as well as developing new features. Without your support I will have to stop my open source development and move back towards paid for applications which is only going to hurt current users so please consider helping me out. Remember any amount is appreciated!

Strictly Tweetbot Wordpress Plugin

Automatically post tweets to multiple accounts with Strictly Tweetbot for Wordpress

If you are a frequent Wordpress and Twitter user then you might be interested in one of my plugins I have developed for Wordpress called Strictly Tweetbot. This plugin is ideal for news aggregators or auto blogging sites which need to run 24/7 and maintain an online presence across multiple spheres with little oversight.

Most people who make use of Twitter will post a message or two about new articles and it is a great way of getting content indexed quickly as you will see from my own investigation dozens of bots, SERPs and social media scrapers will visit your content as soon as a link is posted on Twitter.

Whilst there are many Twitter based plugins already available for Wordpress I found that they didn't really meet all the requirements that my own auto blogging sites required which were:

• The ability to post to multiple twitter accounts
• The ability to post different messages to different accounts
• The ability to post multiple messages to the same account
• The ability to decide whether or not to post to an account by checking the content of the message. For example I have an IT related Twitter account and on a certain site I only want to post messages to that account if the article in question contained certain IT keywords.
• The ability to convert post tags or categories into hash tags
• Using the new OAuth method of authenticating Twitter accounts without having to register each blog that uses the plugin as an application and consumer.
• And of course the ability to automatically shorten the URLs

As I didn't require some of the other features such as the ability to post a tweet from my home page or create daily or weekly twitter digest posts I came up with my own plugin Strictly Tweetbot.

Used on its own it's great for auto blogging but when combined with my Strictly Auto Tags plugin that finds new tags within articles it means all my tweets have relevant hash tags appended to them.

Another nice feature is the reporting tool that enables you to view from the admin panel the last messages that were posted by the plugin as well as any potential problems with Twitter.

You can download the latest version of the plugin from Wordpress at: wordpress.org/extend/plugins/strictly-tweetbot/.

If you like this plugin you might be interested in my other Wordpress plugins:

wordpress.org/extend/plugins/strictly-autotags/

wordpress.org/extend/plugins/strictly-system-check/

wordpress.org/extend/plugins/strictly-google-sitemap/

For full details check out my plugin page at www.strictly-software.com/plugins/strictly-wordpress-plugins

Strictly System Checker - Wordpress Plugin

Updated Wordpress Plugin - Strictly System Check

Ensure your Wordpress site is up 24/7 and be kept informed when it isn't without even having to touch your server or install monitoring software with this Wordpress plugin I created.

I have just released version 1.0.2 which has some major new features including:

The option to check for fragmented indexes and to carry out an automated re-index using the OPTIMIZE command.

And most importantly I have migrated some of the key features that MySQL performance monitoring scripts such as MySQLReport use to the plugin so that you can now be kept informed of:

• MySQL Database Uptime
• No of connections made since last restart, connections per hour.
• The no of aborted connections.
• No of queries made since last restart, queries per hour.
• The percentage of queries that are flagged as slow.
• The number of joins being carried out without indexes.
• The number of reads and writes.

You can find out more about this very useful plugin at my main site: www.strictly-software.com/plugins/strictly-system-check

It's a plugin I created out of necessity and one that has been 100% useful in keeping my site running and on those occasions it's not I get to know about it before anyone complains.